Every Tornado Siren In Dallas Hacked

April 12, 2017 by Jack Laidlaw 52 Comments

Someone had some fun with the Dallas early warning tornado siren system on Friday, April 8th. All 156 tornado sirens were hacked to go off just before midnight until they were manually turned off individually, reports The Washington Post. Thousands of residents flooded 911 call centers asking if they were under attack, if there was a tornado or if the zombie apocalypse had begun. The sirens were blaring for at least an hour and was originally put down as a malfunction, however it was later revealed that it was a hack and the “hacker” must have had physical access to the siren control center.

This isn’t the first time Dallas has had problems with “hackers” breaking into their infrastructure, Only last year some unknown person/persons hacked electronic road signs (a prank we’ve seen before) in and around Dallas claiming “Work is Canceled — Go Back Home” and “Donald Trump Is A Shape-shifting Lizard!!”. Mayor Mike Rawlings claims the perpetrators will be found and prosecuted although we don’t share his confidence since last year’s attackers are still at large.

The video below is one of many on YouTube filmed by bemused Dallas residents.

UPDATE: This hack seems to have been accomplished via DTMF signals broadcast on radio frequency in the clear. Recognizing the vulnerability after the fact, the system is now using some form of encryption for the control messages. Thanks [Dan J.] for posting this in the comments below.

Continue reading “Every Tornado Siren In Dallas Hacked” →

$10 Orange Pi 2G-IoT Released To Compete With Pi Zero W

April 11, 2017 by Jack Laidlaw 76 Comments

A new single-board computer by Orange Pi has popped up for sale on AliExpress. The Orange Pi 2G-IoT is designed to compete with the Raspberry Pi Zero, and if specs are anything to go by they have done a nice job.

There are a lot of options for extra small single board computers these days and there’s a growing list at the lowest price points. Let’s call it the sub-$20 cost range (to quell the argument of shipping fees). We have seen C.H.I.P., the Raspberry Pi Foundation released the Pi Zero W (an update to the Zero line that included WiFi and Bluetooth), the already available Orange Pi Zero (which was featured in a project on Monday), and now add to that list the unfortunately named Orange Pi 2G-IoT.

The 2g-IoT is sporting an ARM Cortex-A5 32bit clocked at 1GHz with 256MB DDR2 RAM. It’s nice to see 500 MB of on-board NAND to go along with an SD card slot for larger storage. It also has a CSI camera connector, WiFi, Bluetooth, an FM Radio and GSM/GPRS with a sim card slot on the bottom. It is pin compatible with Raspberry Pi’s almost standardized GPIO layout.

All this for $10 is quite impressive to say the least, especially the addition of GSM/GPRS. Will it kill Raspberry Pi Zero W sales? We think not. While the Orange Pi’s are great little computers, they don’t have the community support that is afforded to Raspberry Pi products making for less support online when you run into a problem. That’s if you can even get the thing running in the first place. The Orange Pi’s website has not yet been updated to reflect the new release. However if you are interested in getting one for yourself right now, head over to your favorite Chinese electronics supplier.

[via Geeky Gadgets and CNX]

Wirelessly Charge Your Phone From High Voltage Power Lines

April 10, 2017 by Jack Laidlaw 103 Comments

Using nothing more than an antenna, a spark plug, a flyback transformer, a diode, and a car phone charger, [Kreosan] have implemented the world’s most dangerous cell-phone charger: wirelessly charging their phone from high voltage power lines. This is a demonstration of a hack that we thought was just an urban legend, but it’s probably best to leave this as just a demo — this one is probably illegal and definitely dangerous.

The charger works by holding an old TV aerial fairly close to high voltage overhead cables, and passing the resulting tiny current through a spark plug and a flyback transformer to ground. To charge the phone, they tapped the transformer, rectified it through a diode, and fed it into a car-plug phone charger. [Kreosan] claims to harvest enough “free” electricity to charge the phone. (Where by “free”, we mean stolen from the electric grid.)

If you regularly find yourself running out of charge and like a bit of danger why not make a power bank that looks like a bomb instead. Sure we don’t advise you take it on a plane but it seems like a much safer option than using overhead power lines.

Continue reading “Wirelessly Charge Your Phone From High Voltage Power Lines” →

Remotely Get Root On Most Smart TVs With Radio Signals

April 6, 2017 by Jack Laidlaw 58 Comments

[Rafael Scheel] a security consultant has found that hacking smart TVs takes nothing much more than an inexpensive DVB-T transmitter, The transmitter has to be in range of the target TV and some malicious signals. The hack works by exploiting hybrid broadcast broadband TV signals and widely known about bugs in web browsers commonly run on smart TVs, which seem run in the background almost all the time.

Scheel was commissioned by Cyber security company Oneconsult, to create the exploit which once deployed, gave full root privileges enabling the attacker to setup and SSH into the TV taking complete control of the device from anywhere in the world. Once exploited the rogue code is even unaffected by device reboots and factory resets.

Once a hacker has control over the TV of an end user, he can harm the user in a variety of ways, Among many others, the TV could be used to attack further devices in the home network or to spy on the user with the TV’s camera and microphone. – Rafael Scheel

Smart TV’s seem to be suffering from IoT security problems. Turning your TV into an all-seeing, all-hearing surveillance device reporting back to it’s master is straight out of 1984.

A video of a talk about the exploit along with all the details is embedded below.
Continue reading “Remotely Get Root On Most Smart TVs With Radio Signals” →

IOT Startup Bricks Customers Garage Door Intentionally

April 5, 2017 by Jack Laidlaw 201 Comments

Internet of Things startup Garadget remotely bricked an unhappy customer’s WiFi garage door for giving a bad Amazon review and being rude to company reps. Garadget device owner [Robert Martin] found out the hard way how quickly the device can turn a door into a wall. After leaving a negative Amazon review, and starting a thread on Garadget’s support forum complaining the device didn’t work with his iPhone, Martin was banned from the forum until December 27, 2019 for his choice of words and was told his comments and bad Amazon review had convinced Garadget staff to ban his device from their servers.

The response was not what you would expect a community-funded startup. “Technically there is no bricking, though,” the rep replied. “No changes are made to the hardware or the firmware of the device, just denied use of company servers.” Tell that to [Robert] who can’t get into his garage.

This caused some discontent amoung other customers wondering if it was just a matter of time before more paying customers are subjected to this outlandish treatment. The Register asked Garadget’s founder [Denis Grisak] about the situation, his response is quoted below.

It was a Bad PR Move, Martin has now had his server connection restored, and the IOT upstart has posted a public statement on the matter.– Garadget

This whole debacle brings us to the conclusion that the IoT boom has a lot of issues ahead that need to be straightened out especially when it comes to ethics and security. It’s bad enough to have to deal with the vagaries of IoT Security and companies who shut down their products because they’re just not making enough money. Now we have to worry about using “cloud” services because the people who own the little fluffy computers could just be jerks.

Learn Neural Network And Evolution Theory Fast

April 5, 2017 by Jack Laidlaw 32 Comments

[carykh] has a really interesting video series which can give a beginner or a pro a great insight into how neural networks operate and at the same time how evolution works. You may remember his work creating a Bach audio producing neural network, and this series again shows his talent at explaining the complex topic so anyone may understand.

He starts with 1000 “creatures”. Each has an internal clock which acts a bit like a heart beat however does not change speed throughout the creature’s life. Creatures also have nodes which cause friction with the ground but don’t collide with each other. Connecting the nodes are muscles which can stretch or contract and have different strengths.

At the beginning of the simulation the creatures are randomly generated along with their random traits. Some have longer/shorter muscles, while node and muscle positions are also randomly selected. Once this is set up they have one job: move from left to right as far as possible in 15 seconds.

Each creature has a chance to perform and 500 are then selected to evolve based on how far they managed to travel to the right of the starting position. The better the creature performs the higher the probability it will survive, although some of the high performing creatures randomly die and some lower performers randomly survive. The 500 surviving creatures reproduce asexually creating another 500 to replace the population that were killed off.

The simulation is run again and again until one or two types of species start to dominate. When this happens evolution slows down as the gene pool begins to get very similar. Occasionally a breakthrough will occur either creating a new species or improving the current best species leading to a bit of a competition for the top spot.

We think the series of four short YouTube videos (all around 5 mins each) that kick off the series demonstrate neural networks in a very visual way and make it really easy to understand. Whether you don’t know much about neural networks or you do and want to see something really cool, these are worthy of your time.

Continue reading “Learn Neural Network And Evolution Theory Fast” →

Gigabytes The Dust With UEFI Vulnerabilities

April 4, 2017 by Jack Laidlaw 46 Comments

At this year’s BlackHat Asia security conference, researchers from Cylance disclosed two potentially fatal flaws in the UEFI firmware of Gigabyte BRIX small computers which allow a would-be attacker unfettered low-level access to the computer.

Gigabyte has been working on a fix since the start of 2017. Gigabyte are preparing to release firmware updates as a matter of urgency to only one of the affected models — GB-BSi7H-6500 (firmware vF6), while leaving the — GB-BXi7-5775 (firmware vF2) unpatched as it has reached it’s end of life. We understand that support can’t last forever, but if you sell products with such a big fault from the factory, it might be worth it to fix the problem and keep your reputation.

The two vulnerabilities that have been discovered seem like a massive oversight from Gigabyte, They didn’t enable write protection for their UEFI (CVE-2017-3197), and seem to have thrown cryptography out of the window when it comes to signing their UEFI files (CVE-2017-3198). The latter vulnerability is partly due to not verifying a checksum or using HTTPS in the firmware update process, instead using its insecure sibling HTTP. CERT has issued an official vulnerability note (VU#507496) for both flaws.

Attackers may exploit the vulnerabilities to execute unsigned code in System Management Mode (SMM), planting whatever malware they like into the low level workings of the computer. Cylance explain a possible scenario as follows:

The attacker gains user-mode execution through an application vulnerability such as a browser exploit or a malicious Word document with an embedded script. From there, the attacker elevates his privileges by exploiting the kernel or a kernel module such as Capcom.sys to execute code in ring 0. A vulnerable SMI handler allows the attacker to execute code in SMM mode (ring -2) where he finally can bypass any write protection mechanisms and install a backdoor into the system’s firmware.

With all this said, it does raise some interesting opportunities for the hacker community. We wonder if anyone will come up with a custom UEFI for the Brix since Gigabyte left the keys in the door.